Over the past few weeks we have started to see hackers use many different means to try get people to authorise payments via email.
We have seen some really good impersonation attacks that go like this. The accountant in a company gets an email from say the managing director asking her to pay an invoice. It turns out that it was not the managing director who sent the email but it was someone who either
- Sent an email that made it look like it was from the managing director but it was from a different email address and just had the name the same as the managing director.
- Someone was able to send a spoof email that was made to look exactly like the managing directors email.
- The managing director had his email hacked and someone was able to read his email and then send emails from his account.
There are means to address all of the above three seniors but they go beyond this post just make sure your Managed Service provider has things in place for the above scenarios.
The first simple thing you can do is not to just pay invoices that you get from someone in your company without a quick phone call to confirm that it is an actual invoice.
iPing provide managed services and business level email services so if you need some help with the above please contact us.
The most important thing is to-be vigilant!